Load Balancing EAP with freeradius...

Alexander Clouter alex at digriz.org.uk
Thu Mar 24 11:15:10 CET 2011


Robert Roll <Robert.Roll at utah.edu> wrote:
> 
> I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I 
> looked at the proxy.conf and it seems that there are two options, 
> because you have to insure the same end client talks to the same 
> radius server. There seems to be client-balance that uses IP source 
> addresses and there is Load-Balance-Key something like
> 
>  update control {
>    Load-Balance-Key := "%{NAS-IP-Address} %{NAS-Port} %{User-Name} %{Calling-Station-ID}"
>  }
> 
> Currently, we have a Radiator server that uses client mac-addresses for this purpose. If I do
> want to use the Load-Balance-Key, I'm honestly not sure where to put the update of the
> Load-Balance-Key.. Does it go in the proxy.conf  ?
> 
Straight into your 'authorize' section, as close to the top as you 
like/can.  The following is roughly what we use, we only do it for 
'Realm == DEFAULT' as that is for our 'eduroam'ing userbase:
----
authorize {
  preprocess

  suffix

  [unlang/policy that is used for *all* packets]

  eap {
    ok = return
  }

  # done after eap so we find can record what guests are using
  if (Realm == DEFAULT) {
    update control {
      Load-Balance-Key := "%{NAS-IPv6-Address} %{NAS-IP-Address} %{NAS-Port} %{User-Name} %{Calling-Station-Id}"
    }
    # break out of 'authorize' early to spare CPU cycles
    handled
  }

  [unlang/policy that is used for all *non-proxied* packets]
}
----

Cheers

-- 
Alexander Clouter
.sigmonster says: People who push both buttons should get their wish.




More information about the Freeradius-Users mailing list